Wpa_supplicant

See also MzLinux Wifi Page.

• Linux WPA/WPA2/IEEE 802.1X Supplicant, has support for WPA and WPA2 Supported wireless cards/drivers it includes Host AP driver for Prism2/2.5/3, Linuxant DriverLoader, Agere Systems Inc. Linux Driver (Hermes-I/Hermes-II chipset), madwifi (Atheros ar521x) ATMEL AT76C5XXx, Linux ndiswrapper, Broadcom wl.o driver, Intel ipw2100.
• wpa supplicant README.
• Example wpa_supplicant configuration file
• Debian: WiFi How To Use
• WPA support in Debian
• Quick Start Guide to Debian and WPA Wireless Security by Mike Shuey - 2006.
• ArchWiki: WPA supplicant.
• Ubuntu WiFi Doc: WPA HowTo, WiFi HowTo

Using wpa_supplicant

If you want dispense from using an heavy network manager; or if you don’t have the graphic desktop; or the resources to do it you can connect to a roaming wifi ap directly with wpa_supplicant and wpa_cli. If you have a graphic interface wpa_gui will make the work a lot simpler.

You have first to set in your /etc/network/interface a configuration entry like:

iface roam inet manual
wpa-driver wext wpa-roam

In /etc/wpa_supplicant_roam.conf:

ctrl_interface=DIR=/var/run/wpa_supplicant
ctrl_interface_group=netdev
update_config=1

network={
    key_mgmt=NONE
    disabled=1
}

It must be writable by the group from which you will control the interface:

$ sudo chown root:netdev /etc/wpa_supplicant/roam.conf
$ sudo chmod 660 /etc/wpa_supplicant/roam.conf

To test your configuration you can test with debug as:

$ wpa_supplicant  -Dwext -iwlan0 -d -C/var/run/wpa_sup

Then to background the daemon:

$ wpa_supplicant  -Dwext -iwlan0 -B -C/var/run/wpa_sup

In production you usually launch wpa_supplicant with:

$ sudo ifup -v wlan0=roam

You can inspect the scanned networks and change the configuration either with wpa_gui or with the command line wpa_cli.

wpa_gui is quite simple just do scan, then edit the network following what you found, and connect.

wpa_cli is less easy, but you can do the following:

> scan
SCANNING
> scan_results
bssid / frequency / signal level / flags / ssid
00:0f:66:56:f1:b3       2432    196     [WPA-PSK-TKIP][ESS]     myap
> set_network 1 key_mgmt WPA-PSK
> set_network 1 psk "mysecretpassword"
> set_network 1  pairwise TKIP

You may prefer to use iwlist to scan your network as it gives more information.

$ iwlist wlan0 scanning
wlan0     Scan completed :
          Cell 01 - Address: 00:0F:66:56:F1:B3
                    Channel:5
                    Frequency:2.432 GHz (Channel 5)
                    Quality=54/70  Signal level=-56 dBm
                    Encryption key:on
                    ESSID:"myap"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s
                    Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
                    ....
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK

An example of full session, adding a new AP is

# wpa_cli -g/var/run/wpa_sup
> status
wpa_state=INACTIVE
address=00:c9:33:34:4f:ed
> scan
OK
> scan_result
bssid / frequency / signal level / flags / ssid
de:ad:be:ef:70:e2    2422    -48     [WPA2-EAP-TKIP+CCMP][ESS]       FreeAP_secure
de:ad:be:ef:70:e0    2422    -48     [WPA-PSK-CCMP][ESS]     AP-123456
de:ad:be:ef:70:e1    2422    -60     [ESS]   FreeAP
> add_network
0
> set_network 0 ssid "AP-123456"
OK
> set_network 0 psk "mysecretpassword"
OK
> enable_network 0
OK
> status
bssid=de:ad:be:ef:70:e0
ssid=AP-123456
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
address=00:c9:33:34:4f:ed
> set update_config 1
OK
> set_network 0 proto WPA
OK
> set_network 0 key_mgmt WPA-PSK
OK
> set_network 0 pairwise CCMP
OK
> set_network 0 group CCMP
OK
> save_config
OK